Authentication is the process of proving who a user is. To authenticate, the user must present some form of identification that the system can understand and trust. The terms we need to understand in this process are:
subject--the current operator, which can be a person (user), a third-party program, or anything else that interacts with our application.
principals--the identifying attributes of a subject, such as a user name or social security number (for example, China's ID number).
credentials--secret data used to verify identity, such as a password, biometric data (fingerprints and so on), or an X.509 certificate.
realms--security-specific DAOs (data access objects) that access back-end data sources. For example, if user names and passwords are stored in LDAP, we need an LDAP Realm that talks to LDAP. We therefore need one realm per back-end data source, and Shiro can coordinate these realms to do what we need.
Using Shiro for authentication in a Java application can be divided into three steps.
1. Collection of subject principals and credentials
2. Submit principals and credentials to the certification system
3. After authentication, either allow access, retry authentication, or block access.
For the first step, collecting principals and credentials, we need to know about a simple username/password authentication token, UsernamePasswordToken, which supports most authentication mechanisms. We use it to wrap the user name and password obtained by the application. How do we get the user name and password? Shiro itself is protocol agnostic and does not care how they are acquired; they can be passed into the Java program from a form submission, an HTTP header, the command line, and so on. The token is created as shown below.
UsernamePasswordToken token =
new UsernamePasswordToken( username, password );
The second step is to submit the token obtained in the previous step to the authentication system. What is the authentication system? In the Shiro world, it is a security-specific DAO, that is, one of the realms described above. The submission for authentication is shown below.
Subject currentUser = SecurityUtils.getSubject();
currentUser.login(token);
What does the above code do? First the Subject for the currently executing "user" is obtained, then the token created above is submitted for authentication via the Subject's login method.
After authentication, if it succeeded, the user is logged in to the system and associated with the corresponding account; if it failed, Shiro throws an exception, and based on that exception we can retry authentication, block access, or take some other action. The corresponding code is shown below.
try {
    currentUser.login(token);
} catch (UnknownAccountException uae) { ...
} catch (IncorrectCredentialsException ice) { ...
} catch (LockedAccountException lae) { ...
} catch (ExcessiveAttemptsException eae) { ...
} ... catch your own ...
} catch (AuthenticationException ae) {
    // unexpected error?
}
Finally, the user can log out by calling currentUser.logout(). Shiro closes the user session and removes the identity associated with the current Subject instance.
Java authentication instructions using Apache Shiro
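The following is an added, complete example that is not part of the original post and is not Shiro project code. It ties together the realm concept from the definitions above and the three-step login/logout procedure: a small Realm backed by a constructed in-memory account table stands in for a real back-end such as LDAP, and a helper maps each authentication exception to a decision. It assumes shiro-core (1.x API) is on the classpath; the class ShiroAuthDemo, the realm InMemoryRealm, the helper attemptLogin and the sample accounts are all invented for this example.

```java
import java.util.HashMap;
import java.util.Map;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.ExcessiveAttemptsException;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.LockedAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.mgt.DefaultSecurityManager;
import org.apache.shiro.realm.AuthenticatingRealm;
import org.apache.shiro.subject.Subject;

public class ShiroAuthDemo {

    // Constructed sample accounts standing in for a real back-end (LDAP, JDBC, ...).
    // Plain-text passwords keep the demo self-contained; a real realm would store
    // hashes and configure a HashedCredentialsMatcher instead of the default matcher.
    static class Account {
        final String password;
        final boolean locked;
        Account(String password, boolean locked) { this.password = password; this.locked = locked; }
    }
    static final Map<String, Account> ACCOUNTS = new HashMap<>();
    static {
        ACCOUNTS.put("alice", new Account("correct-horse", false));
        ACCOUNTS.put("mallory", new Account("anything", true)); // locked account
    }

    // A minimal Realm: the security-specific DAO Shiro consults for stored credentials.
    static class InMemoryRealm extends AuthenticatingRealm {
        @Override
        protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) {
            String username = (String) token.getPrincipal();
            Account acct = ACCOUNTS.get(username);
            if (acct == null) throw new UnknownAccountException("no account: " + username);
            if (acct.locked) throw new LockedAccountException("account locked: " + username);
            // The realm's CredentialsMatcher (SimpleCredentialsMatcher by default) compares
            // the submitted password with the stored one and raises
            // IncorrectCredentialsException on mismatch; the realm never compares it itself.
            return new SimpleAuthenticationInfo(username, acct.password, getName());
        }
    }

    // Steps 1-3: build the token, submit it through the Subject, turn the outcome into a decision.
    static String attemptLogin(String username, String password) {
        UsernamePasswordToken token = new UsernamePasswordToken(username, password); // step 1
        Subject currentUser = SecurityUtils.getSubject();
        try {
            currentUser.login(token);                                                // step 2
            return "granted:" + currentUser.getPrincipal();                          // step 3
        } catch (UnknownAccountException uae) {
            return "denied:unknown-account";
        } catch (IncorrectCredentialsException ice) {
            return "denied:bad-credentials";
        } catch (LockedAccountException lae) {
            return "denied:locked";
        } catch (ExcessiveAttemptsException eae) {
            return "denied:too-many-attempts";
        } catch (AuthenticationException ae) {
            return "denied:other:" + ae.getClass().getSimpleName();
        } finally {
            token.clear(); // wipe the password char[] once Shiro has consumed it
        }
    }

    public static void main(String[] args) {
        // Wire the realm into a SecurityManager and register it so SecurityUtils.getSubject() works.
        DefaultSecurityManager securityManager = new DefaultSecurityManager(new InMemoryRealm());
        SecurityUtils.setSecurityManager(securityManager);

        System.out.println(attemptLogin("alice", "wrong-password")); // known account, wrong password
        System.out.println(attemptLogin("bob", "x"));                // no such account
        System.out.println(attemptLogin("mallory", "anything"));     // locked account
        System.out.println(attemptLogin("alice", "correct-horse"));  // valid credentials

        Subject currentUser = SecurityUtils.getSubject();
        System.out.println("authenticated before logout: " + currentUser.isAuthenticated());
        currentUser.logout(); // closes the session and drops the identity bound to this Subject
        System.out.println("authenticated after logout: " + currentUser.isAuthenticated());
    }
}
```

Note that the realm only decides whether the account exists and is usable; the password comparison is delegated to Shiro's CredentialsMatcher, which is why a locked account is rejected before the password is even examined, and why the same realm can be switched to hashed credentials without touching the login code.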